From 13361a3b4b060989ee4ea8ea5719a45c72a182a1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 6 Nov 2023 20:28:42 +0100 Subject: [PATCH] [ticket/9687] Clean up code some more PHPBB3-9687 --- phpBB/install/convertors/convert_phpbb20.php | 9 ++++++--- phpBB/phpbb/ban/type/base.php | 4 ++-- phpBB/phpbb/ban/type/user.php | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index e8266de86c..afea6a92da 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -455,7 +455,8 @@ if (!$get_info) array('ban_reason', '', ''), array('ban_reason_display', '', ''), - 'where' => "banlist.ban_ip NOT LIKE '%.%' AND banlist.ban_userid <> 0", + 'where' => "banlist.ban_ip NOT LIKE '%.%' + AND banlist.ban_userid <> 0", ), array( @@ -466,7 +467,8 @@ if (!$get_info) array('ban_reason', '', ''), array('ban_reason_display', '', ''), - 'where' => "banlist.ban_ip NOT LIKE '%.%' AND banlist.ban_email <> ''", + 'where' => "banlist.ban_ip NOT LIKE '%.%' + AND banlist.ban_email <> ''", ), array( @@ -477,7 +479,8 @@ if (!$get_info) array('ban_reason', '', ''), array('ban_reason_display', '', ''), - 'where' => "banlist.ban_userid = 0 AND banlist.ban_ip <> ''", + 'where' => "banlist.ban_userid = 0 + AND banlist.ban_ip <> ''", ), array( diff --git a/phpBB/phpbb/ban/type/base.php b/phpBB/phpbb/ban/type/base.php index 70885a2847..1ae7080991 100644 --- a/phpBB/phpbb/ban/type/base.php +++ b/phpBB/phpbb/ban/type/base.php @@ -112,7 +112,7 @@ abstract class base implements type_interface FROM ' . $this->bans_table . ' WHERE (ban_end >= ' . time() . " OR ban_end = 0) - AND ban_mode = '{$this->get_type()}' + AND ban_mode = '{$this->db->sql_escape($this->get_type())}' ORDER BY ban_item"; $result = $this->db->sql_query($sql); $rowset = $this->db->sql_fetchrowset($result); 
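Review bot: The method-call interpolation `'{$this->db->sql_escape($this->get_type())}'` added in the base.php hunk at line 112 is hard to scan inside a multi-line double-quoted SQL string. Hoisting it reads more plainly: `$ban_mode = $this->db->sql_escape($this->get_type());` and then `AND ban_mode = '{$ban_mode}'`. The escape itself is the appropriate control here because the value lands inside single quotes. The same construct is added for `b.ban_mode` in the user.php hunk, and in both files the enclosing method starts and ends outside the hunk.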
@@ -143,7 +143,7 @@ abstract class base implements type_interface $this->excluded[$this->user->id()] = $this->user->data[$user_column]; } - $sql = "SELECT user_id, {$user_column} + $sql = "SELECT user_id, {$this->db->sql_escape($user_column)} FROM {$this->users_table} WHERE user_type = " . USER_FOUNDER; $result = $this->db->sql_query($sql); diff --git a/phpBB/phpbb/ban/type/user.php b/phpBB/phpbb/ban/type/user.php index a2b3f9b91b..bfd28e323c 100644 --- a/phpBB/phpbb/ban/type/user.php +++ b/phpBB/phpbb/ban/type/user.php @@ -79,7 +79,7 @@ class user extends base WHERE (b.ban_end >= ' . time() . " OR b.ban_end = 0) AND b.ban_userid = u.user_id - AND b.ban_mode = '{$this->get_type()}' + AND b.ban_mode = '{$this->db->sql_escape($this->get_type())}' ORDER BY u.username_clean ASC"; $result = $this->db->sql_query($sql); while ($row = $this->db->sql_fetchrow($result))
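Review bot: `sql_escape()` on `$user_column` in the `SELECT user_id, {...}` line of base.php gives no protection, because the value is used as a column identifier rather than inside a quoted literal, and string-literal escaping leaves a value without quote characters unchanged. If `$user_column` only ever comes from the ban type's own code (its origin is outside this hunk), the call is a no-op that implies a safeguard it does not provide. If it can vary, validate it before building the query, against a fixed list of allowed column names or a strict pattern such as `preg_match('/^[a-z_]+$/', $user_column)`. The context line above also uses the raw value as an array key in `$this->user->data[$user_column]`, so the two uses would diverge if escaping ever altered it. The enclosing method starts and ends outside the hunk.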